Configure AgentP options

In this topic, you will learn how to configure options available to users of Portnox™ AgentP.

When the user first runs AgentP to onboard their device, the options available in the AgentP user interface depend on the settings done by the administrator.

  1. In the Cloud portal top menu, click on the Settings option.

  2. In the Cloud portal left-hand side menu, click on the Services > GENERAL SETTINGS > AgentP Enrollment Policy option.

  3. Scroll down to the AGENTP ENROLLMENT POLICY section and click on the Edit link under this section.

  4. Turn relevant options on or off and then click on the Save button:
    • User’s corporate email: The user will be able to onboard using their email address and receive the confirmation code via the email. This option is used for Cloud accounts, where Portnox Cloud manages the user repository internally, as well as for contractor accounts (external email addresses).
    • User’s domain credentials: The user will be able to onboard using their corporate login and password or third-party integration. This option is used for onboarding when the user repository is managed by local Active Directory, local OpenLDAP, Azure/Entra ID, Google Workspace, or Okta Workforce Identity.
    • User accounts: The user will be able to onboard using their individual user account.
    • Computer accounts: The user will be able to onboard using the account that represents the computer.
    • Enable AgentP Multi-User (Windows OS only): AgentP checks if the user who is logged in to the computer is the same user that owns the active AgentP certificate. If not, AgentP will ask the current user to register using their credentials.
    • ADVANCED CONFIGURATION > Install computer certificate (Windows OS only): This setting is only for the multi-user mode. When this option is turned on, AgentP will use device certificates when no user is logged in. When this option is turned off, AgentP will use the last logged-in user’s certificate when no user is logged in. For more information, see this topic: AgentP and certificates.

    Note: The selected options means only that a specific onboarding mode is allowed for the group. To cause a specific instance of AgentP to onboard in a specific mode (if this mode is allowed using this setting), you must run AgentP installation with a specific switch or, if already onboarded, modify the Windows registry. For more information, see the following topic: AgentP working and installation modes.
  5. Scroll down to the Set AgentP configurations section and click on the Edit link under this section.

  6. Turn relevant options on or off and then click on the Save button:
    • Include “Deactivate” option in Agent’s UI: In the running AgentP, the user will have the option to deactivate the current onboarding. If the user selects that option, they will have to onboard the device again.
    • Include “Uninstall” option in Agent’s UI: In the running AgentP, the user will have the option to completely uninstall the AgentP software.
    • Configure wired network interface automatically (Windows devices only): On Windows devices, AgentP will automatically configure the Ethernet network interface to allow for wired network access. If this option is turned off, the user would have to configure the interface manually to be able to connect to the switch via Ethernet.
    • Enable authentication with custom certificates: This option is applicable only if you use and distribute your own custom supplicant certificates. If you activate this checkbox, AgentP will be able to use your own certificates, and it will not install the default supplicant certificates issued by the Portnox tenant CA.
      Note: If you use custom certificates, the name of the device on the Devices screen will be the same as the content of the SAN DNS field in that device’s certificate. We recommend that your CA issues such certificates with the client device’s FQDN in the SAN DNS field.